Question for Bill Wilkinson...


  1. #1
    Question for Bill Wilkinson...

    Bill, a couple of months ago you stated that, using web spoofing, a good spoofer is able to send bogus info to change the value of ServerVariables("HTTP_REFERER"). Would this be possible in an intranet environment? We are using XMLHTTP on the client to post a request to an ASP page, and we use REFERER to determine if the client's request comes from the correct DNS name. Please provide me some insight into whether our app is secure enough. Thanks in advance.

  2. #2
    Depends...

    Is outside access to the URL you use with XMLHTTP possible? That is, is that particular server connected to anything outside the LAN? If not, you're probably okay.

    But if it's an internal app, why not just pass along a password? Wouldn't matter if it was hard-coded on both ends, so long as you didn't let any outsiders see the source code. It could be as long as you wanted it to be (even a GUID?) and then who could ever crack that without being able to put a traffic monitor on your LAN?
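The two checks discussed in this thread, side by side, as an added example that is not part of the thread or either poster's code. The host name, the `X-App-Secret` header name and the GUID-style secret are constructed assumptions, and the requests are plain header objects rather than real traffic.

```javascript
const crypto = require("crypto");

// Assumed values for illustration only (not from the thread).
const EXPECTED_HOST = "intranet.example.local";
const SHARED_SECRET = "3f2b8c1e-9a47-4d6e-b0c5-7e1d2a6f4b90"; // constructed GUID

// Check 1: trust the Referer header. The header is supplied by the client,
// so this only proves what the client chose to send.
function allowedByReferer(headers) {
  try {
    return new URL(headers["referer"] || "").hostname === EXPECTED_HOST;
  } catch {
    return false; // missing or unparsable Referer
  }
}

// Check 2: require a secret known to both ends, compared in constant time.
// The secret still travels in the request, so it is exposed to anyone who
// can monitor the LAN or read the source, as the reply above notes.
function allowedBySecret(headers) {
  const presented = Buffer.from(String(headers["x-app-secret"] || ""), "utf8");
  const expected = Buffer.from(SHARED_SECRET, "utf8");
  // timingSafeEqual throws on unequal lengths, so test the length first.
  return presented.length === expected.length &&
    crypto.timingSafeEqual(presented, expected);
}

// Constructed sample requests (header names lower-cased, as servers see them).
const requests = {
  legitimate: { referer: "http://intranet.example.local/app/form.asp",
                "x-app-secret": SHARED_SECRET },
  // Any HTTP client can set this header; no secret is presented.
  forgedReferer: { referer: "http://intranet.example.local/app/form.asp" },
  // A proxy or browser setting stripped the Referer from a genuine client.
  noReferer: { "x-app-secret": SHARED_SECRET },
};

function evaluate() {
  const out = {};
  for (const [name, headers] of Object.entries(requests)) {
    out[name] = { referer: allowedByReferer(headers),
                  secret: allowedBySecret(headers) };
  }
  return out;
}

console.log(evaluate());
```

The Referer check accepts the request that merely claims the right origin and rejects the genuine client whose Referer was stripped; the secret check gets both right.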
